Hello, Crown Clients and Friends!
Your firewall is what stops your network from accepting connections from, or making connections to, servers it shouldn't be talking to. If your network is reachable off-site through a VPN, you need to make sure that only legitimate, expected connections are being made to and from it. Otherwise, virtually anyone on the Internet can probe your network for a way in and, once inside, get at your data (especially if you aren't using MFA on that VPN).
With more and more people working from home, the only off-site connections to your network should be those of your staff, not an attacker poking around at your data and infrastructure. If you're still relying on consumer-grade firewalls to protect your network, upgrading to a next-gen firewall may be the best way to keep it secure while still being accessible to off-site employees.
When we think about what a firewall does, we should keep in mind that the Internet isn't a place out there somewhere; it is made up of all of the publicly connected devices in the world. To get to a website, your device looks up its address the way you would look up a phone number in a phonebook (that's DNS) and then opens a connection by "calling" that number, which is answered by a server. The server then does whatever it's configured to do: serve a web page, connect your VPN, and so on. Every Internet-connected device in the world can, in principle, be reached the same way by someone "calling" its IP address on a specific port.
Classically, the firewall is a piece of software in your router that blocks or allows incoming and outgoing connections based on the rules it has been given. For instance, a rule on your router might say "if a connection request comes from [block of IP addresses] to port 443, allow it." That rule lets through every connection from those IP addresses on port 443 (the port used for HTTPS web traffic), and nothing else about the connection is checked.
The classic firewall has a few downsides. First, it deals mostly in IP addresses, which change regularly, and the address an attack comes from often belongs to some other victim's hijacked machine rather than to the attacker. To block malicious connections with a ruleset alone, you would need to know in advance where the next attack will come from. Second, a classic firewall blocks or allows a connection but does nothing to stop an attack once the connection has been let through. Third, firewalls often run on routers, which have limited resources and are hard to keep updated with new rulesets.
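To make the rule above and its second downside concrete, here is a small Python simulation. It is an added illustration, not code from Crown Computers, Sophos or any real firewall: the packets, the ruleset and the two content "signatures" are all constructed for the example. The first function evaluates a classic header-only rule (first match wins, default deny); the second runs the same rule and then looks inside whatever the rule let through, which is the kind of inspection the next paragraph describes.

```python
"""Toy packet filter: header-only rules vs. the same rules plus payload inspection.
Added illustration with constructed packets, rules and signatures; not real firewall code."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str              # source IP address
    dst_port: int         # destination port
    payload: bytes = b""  # application data (plaintext here for illustration)


@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    src_net: str             # CIDR block the source address must fall in
    dst_port: Optional[int]  # None matches any destination port


# Constructed ruleset in the spirit of the article's example:
# allow one partner's address block to reach HTTPS, deny everything else.
RULES = [
    Rule("allow", "203.0.113.0/24", 443),
]
DEFAULT_ACTION = "deny"


def classic_filter(pkt: Packet, rules=RULES, default=DEFAULT_ACTION) -> str:
    """Classic filter: the first rule whose source block and port match wins.
    Only header fields are consulted; the payload is never looked at."""
    src = ip_address(pkt.src)
    for rule in rules:
        if src in ip_network(rule.src_net) and rule.dst_port in (None, pkt.dst_port):
            return rule.action
    return default  # no rule matched: default-deny


# Constructed content signatures standing in for what a content-inspecting
# firewall carries (real signature sets are vendor-maintained and far larger).
SIGNATURES = {
    b"' OR 1=1": "sqli-probe",
    b"/../../": "path-traversal",
}


def inspect_payload(pkt: Packet) -> Optional[str]:
    """Return the name of the first signature found in the payload, else None."""
    for pattern, name in SIGNATURES.items():
        if pattern in pkt.payload:
            return name
    return None


def inspecting_filter(pkt: Packet, rules=RULES, default=DEFAULT_ACTION) -> Tuple[str, Optional[str]]:
    """Header rules first; anything they allow is then checked for malicious content."""
    verdict = classic_filter(pkt, rules, default)
    if verdict != "allow":
        return verdict, None
    hit = inspect_payload(pkt)
    if hit is not None:
        return "drop", hit  # allowed by address, dropped on content
    return "allow", None


if __name__ == "__main__":
    # Constructed sample traffic.
    samples = [
        Packet("203.0.113.7", 443, b"GET / HTTP/1.1"),                       # legitimate partner
        Packet("198.51.100.9", 443, b"GET / HTTP/1.1"),                      # address not on the list
        Packet("203.0.113.7", 22),                                            # right address, wrong port
        Packet("203.0.113.7", 443, b"GET /login?user=' OR 1=1-- HTTP/1.1"),  # hijacked partner host
    ]
    for p in samples:
        print(f"{p.src}:{p.dst_port:<4} classic={classic_filter(p):5}  inspecting={inspecting_filter(p)}")
```

The last sample is the point of the exercise: it comes from an address the rule trusts, so the classic filter waves it through, while the content check drops it. One caveat worth knowing before you rely on this in practice: real traffic on port 443 is TLS-encrypted, so a firewall can only inspect the payload the way this toy does if it is configured to decrypt that traffic (an option on next-gen firewalls, with its own performance and privacy trade-offs); otherwise it must fall back to what it can see unencrypted, such as addresses, ports and connection patterns.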
Crown Computers recommends Sophos' Next Gen Firewall, which adds a number of features to address these limitations and integrates with Sophos' EDR products. First, it uses Deep Packet Inspection and machine learning to look for signs of malicious activity in the traffic itself instead of relying solely on which IP addresses are connecting. That lets the firewall stop malicious packets without having to know the current IP address of every bad actor in the world.
Second, the firewall runs on its own hardware and is centrally managed by your IT team. That makes securely extending your network to another branch or site straightforward: deploying the device at that site deploys your firewall there too. Another benefit of dedicated hardware is that the firewall doesn't consume processing or memory resources from the rest of your network infrastructure.
Instead of a static list of rules tucked away in the router, a next-gen firewall is actively monitored and used for threat response by your IT support staff. If suspicious connections or packets raise alerts, your IT team is notified and can act immediately if needed. In addition, next-gen firewalls are continually updated by the manufacturer so that they stay capable of detecting the latest threats and use the latest methods to sniff out novel ones.
These features go a long way toward protecting your network as your infrastructure expands and as VPN and cloud access become increasingly important with more employees working from home. The firewalls built into workstations and consumer-grade routers can't provide enough protection from attacks on their own. Upgrading to a next-gen firewall is an excellent investment in the long-term security of your company's data.
-Written by Derek Jeppsen on Behalf of Sean Goss and Crown Computers Team